Chef Automate - Azure Sydney User Group
-
Upload
matt-ray -
Category
Technology
-
view
232 -
download
2
Transcript of Chef Automate - Azure Sydney User Group
![Page 1: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/1.jpg)
Chef Automate Overview
Azure Sydney User GroupSeptember 20, 2017
![Page 2: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/2.jpg)
Matt RayManager, Solutions Architect – APJChef [email protected]@mattray
![Page 3: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/3.jpg)
We’re no longer an airline. We’re a software company with wings.
– Veresh Sita, CIO, Alaska Airlines
Every business is a software business
![Page 4: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/4.jpg)
Infrastructure Automation Application Automation Compliance Automation
Workflow
Visibility
Com
pliance
![Page 5: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/5.jpg)
Chef
▪ Manages deployment and on-going automation
▪ Define reusable resources and infrastructure state as code
▪ Scale elegantly from one to tens of thousands of managed nodes across multiple complex environments
▪ Community, Certified Partner, and Chef supported content available for all common automation tasks
Infrastructure automation and delivery at scale
windows_feature "IIS-WebServerRole" doaction :install
end
windows_feature "IIS-ASPNET" doaction :install
end
iis_pool "FooBarPool" doruntime_version "4.0"action :add
end
package "apache" doaction :install
end
template "/etc/httpd/https.conf" dosource "httpd.conf.erb"mode 0075owner "root"group "root"
end
service "apache2" doaction :start
done
![Page 6: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/6.jpg)
PART OF A PROCESS OF CONTINUOUS COMPLIANCE
Scan for Compliance
Build & Test Locally
Build & Test CI/CD Remediate Verify
A SIMPLE EXAMPLE OF AN INSPEC CIS RULE
InSpec
▪ Translate compliance into Code
▪ Clearly express statements of policy
▪ Move risk to build/test from runtime
▪ Find issues early
▪ Write code quickly
▪ Run code anywhere
▪ Inspect machines, data, APIs, and Cloud platforms
Turn security and compliance into code
control 'windows-base-201' do title 'Strong Windows NTLMv2 Authentication Enabled; Weak LM Disabled' desc 'http://support.microsoft.com/en-us/kb/823659' impact 1.0
describe registry_key ('HKLM\System\CurrentControlSet\Control\Lsa') do it { should exist } its('LmCompatibilityLevel') { should eq 4 } end
![Page 7: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/7.jpg)
Why InSpec + Chef + Microsoft?
![Page 8: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/8.jpg)
Habitat
▪ Ease the burden of managing microservice apps and bring benefits of apps architected for microservices to traditional applications
▪ Gain consistent management of new and traditional applications across their lifecycle
▪ Provides application portability for new and traditional apps
▪ Autonomous nodes self-manage runtime state of application based upon policy you define
▪ APIs expose application behaviors as data for better management
▪ Works in tandem with infrastructure automation
▪ Makes applications running on containers, PaaS, virtual machines, bare metal, … better
Automation that travels with the app
![Page 9: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/9.jpg)
Chef and Microsoft Integrations
• Chef Automate now live on the Azure Marketplace and Azure Gov Cloud• Supports Azure Stack• Continue to enhance Chef VM Extension (Linux & Windows)• OMS integration with Chef client and server • Knife, Test Kitchen, and InSpec plugins for Azure
Azure/OMS
• Support for PowerShell DSC since 2014, WMF 5.0 support added• New Chef Client resources added, continued focus to bring popular resources into the “core” Chef Client• Windows Server 2016 and Nano Server as supported platforms as well as Windows Container support• ChefDK is now supported on Client and Server platforms • Chef Supermarket contains Windows-specific cookbooks• Test Kitchen support for Windows via WinRM and SSH• InSpec resources for Windows• Habitat support for Windows
Windows
• Chef VSCode extension for syntax and tooling plugins• Chef and InSpec Extensions for Visual Studio Team Services (VSTS)• Working with Visual Studio engineering team on other possible integrations/white space, possibly around InSpec &
HabitatVisual Studio
![Page 10: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/10.jpg)
The Chef Automate PlatformContinuous Automation for High Velocity IT
Workflow • Local development • Integration • Tooling (APIs & SDKs)
COLLABORATE
▪ Package▪ Test▪ Approve
BUILD
▪ Provision▪ Configure▪ Execute▪ Update
DEPLOY
▪ Secure▪ Comply▪ Audit▪ Measure▪ Log
MANAGE
Infrastructure Automation Compliance AutomationApplication Automation
OSS AUTOMATION ENGINES
Increase Speed▪ Package infrastructure and app
configuration as code▪ Continuously automate
infrastructure and app updates
Improve Efficiency▪ Define and execute standard
workflows and automation ▪ Audit and measure
effectiveness of automation
Decrease Risk▪ Define compliance rules as
code▪ Deliver continuous compliance
as part of standard workflow
![Page 11: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/11.jpg)
![Page 12: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/12.jpg)
Chef Automate Demo
![Page 13: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/13.jpg)
inspec-azure
● https://github.com/chef/inspec-azure● Azure Ruby SDK● Will be merged into core InSpec
![Page 14: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/14.jpg)
inspec-azure
azure_resource_group
azure_vm
azure_vm_datadisks
![Page 15: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/15.jpg)
inspec-azure
![Page 16: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/16.jpg)
Dig into the new way of learning about Chef, Automation, and DevOps.
Self-paced training on Linux and Windows and much more!
learn.chef.io
![Page 17: Chef Automate - Azure Sydney User Group](https://reader034.fdocuments.in/reader034/viewer/2022042723/5a65558d7f8b9a5b558b6d21/html5/thumbnails/17.jpg)